Certified Information Systems Auditor (CISA) — Question 972

During an IT governance review, an IS auditor finds that all IT expenditures are included as a single line item in the enterprise-wide budget. Which of the following documentation would provide the BEST evidence for evaluating how IT expenditures support business objectives?

Answer options

• A. Profit and loss statements
• B. IT steering committee approval
• C. Business impact analysis (BIA)
• D. IT purchase orders

Correct answer: B

Explanation

The IT steering committee approval is the best evidence because it directly reflects the governance process and decision-making regarding IT expenditures in relation to business objectives. Profit and loss statements, while useful for financial analysis, do not specifically link IT spending to business goals. A Business Impact Analysis (BIA) assesses potential impacts of IT but does not provide approval context, and IT purchase orders are transactional documents that do not indicate strategic alignment.